DKIM - DomainKeys Identified Mail

DKIM (DomainKeys Identified Mail; RFC 8301 dated January 2018) is an authentication standard that cryptographically associates a domain name with an email message. Senders insert cryptographic signatures into email messages, which receivers can verify by using DNS-hosted public keys. When verification is successful, DKIM provides a reliable domain-level identifier that survives forwarding (unlike SPF).

selector._domainkey.example.net IN TXT "v=DKIM1; k=rsa; p=public key data"

Example DNS record for DKIM

Weakness - DKIM is generally more complex to set up than SPF, requiring a cryptographic signature on each message sent. DKIM verification will fail when content is modified in transit, as with messages sent through a mailing list.
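
The failure mode described above, as an added example (not code from the original page): it computes the DKIM body hash (the bh= value of the signature, per RFC 6376) under the "simple" and "relaxed" body canonicalizations and checks which in-transit changes still match. The sample messages, the function names and the lists.example.net URL are constructed for illustration; header signing and the RSA signature itself are out of scope here.

```python
import base64
import hashlib
import re


def canon_simple(body: bytes) -> bytes:
    """'simple' body canonicalization: only trailing empty lines are ignored."""
    lines = body.split(b"\r\n")
    while lines and lines[-1] == b"":
        lines.pop()
    # An empty body is hashed as a single CRLF under 'simple'.
    return b"".join(ln + b"\r\n" for ln in lines) or b"\r\n"


def canon_relaxed(body: bytes) -> bytes:
    """'relaxed': also collapse runs of SP/TAB and drop whitespace at line ends."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":
        lines.pop()
    # An empty body stays empty under 'relaxed'.
    return b"".join(ln + b"\r\n" for ln in lines)


def body_hash(body: bytes, canon) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canon(body)).digest()).decode()


def bh_survives(signed: bytes, received: bytes, canon) -> bool:
    """True if the receiver would recompute the same body hash the signer stored."""
    return body_hash(signed, canon) == body_hash(received, canon)


# Constructed sample bodies (CRLF line endings, as on the wire).
SIGNED = b"Hello team,\r\n\r\nThe report is attached.\r\n"
# A relay that only touches whitespace: trailing spaces, a tab, extra blank lines.
REFLOWED = b"Hello team,  \r\n\r\nThe report\tis attached.\r\n\r\n\r\n"
# A mailing list that appends its own footer to the body.
LIST_FOOTER = SIGNED + b"-- \r\nUnsubscribe: https://lists.example.net/options\r\n"


def compare() -> dict:
    """Which modifications leave the body hash intact, per canonicalization."""
    cases = {"reflowed": REFLOWED, "list_footer": LIST_FOOTER}
    canons = {"simple": canon_simple, "relaxed": canon_relaxed}
    return {(c, k): bh_survives(SIGNED, body, fn)
            for c, fn in canons.items() for k, body in cases.items()}


if __name__ == "__main__":
    for (canon, case), ok in compare().items():
        print(f"{canon:8} {case:12} {'match' if ok else 'body hash mismatch'}")
```

Whitespace-only changes match under relaxed canonicalization but not under simple, while the appended list footer breaks the body hash under both.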